REMARKS 



Claims 9-26 and 30 are pending in the patent 
application. The Examiner has rejected Claims 9-11 under 35 
use 102(b) as anticipated by the Merritt patent; Claims 
12-19, 21, 22, and 26 under 35 USC 103 as unpatentable over 
the combined teachings of Merritt and Manduley; Claims 23 
and 24 as being unpatentable over Merritt in view of 
Manduley and Schneier; Claim 20 under 35 USC 103 as 
unpatentable over the combined teachings of Merritt and 
Manduley further in view of Lessin; Claim 25 under 35 USC 
103 as unpatentable over the combined teachings of Merritt 
and Manduley and further in view of Daggar. Applicants note 
that the Examiner has failed to expressly state whether 
Claim 30 is allowed or rejected. Applicants request 
clarification of the status of Claim 30. Since the program 
storage device language of Claim 30 parallels the language 
of method Claim 12, the language of Claim 30 will be 
defended as if the Examiner rejected Claim 30 using the same 
art used to reject Claim 12. For the reasons set forth 
below. Applicants respectfully assert that the claims, as 
amended, are patentable over the cited art. 
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The present invention teaches and claims a device, 
terminal, server, program storage device, and method for 
establishing trustworthy connections among a user, with or 
without a device inserted at a terminal, a terminal, and a 
server. Specifically, the user must know that the terminal 
is trusted by the server before the user will release any 
sensitive information to the terminal. Similarly, the 
server must know that the terminal seeking access to it is 
authentic. The server may also engage in an exchange to 
determine if the user, of a user device or of the terminal, 
is authorized to access the server. In all claimed 
embodiments of the invention, the server authenticates the 
terminal. Once the terminal has been authenticated, the 
server communicates that information along the second 
connection between the user device and the server, without 
communicating that information along the connection between 
the server and the terminal. The server either communicates 
that information directly to the user by display at the user 
device, or communicates that information to the user by 
notifying the user device whereupon the user device causes 
the terminal to display the information to the user, when 
the user has a device that does not have display 
capabilities. Applicants respectfully assert that none of 
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the cited prior art teaches or suggests a server 
communicating terminal authentication information directly 
to the user device along a connection between the server and 
the user device. Applicants also assert that none of the 
prior art teaches or suggests that terminal authentication 
information be communicated to the user, whereupon the user 
or user device provides information to the terminal for the 
terminal to dynamically create a user-specific authenticity 
output message for display to the user. None of the cited 
art teaches or suggests that a terminal dynamically create 
an authenticity output message. 

The primary reference cited against the present 
application is the Merritt patent. The Merritt patent 
teaches a method for authenticating a terminal whereby a 
terminal contacts the server, followed by the server and the 
terminal engaging in an authentication process, referred to 
as a "two-way challenge-response" (Col. 4, lines 57-64). 
Once the server and the terminal have mutually authenticated 
themselves to each other, the terminal sends the user's 
account information to the server, the server retrieves a 
user-specific personal security phrase C'PSP") from its 
storage, and the server sends the PSP to the terminal. The 
terminal displays the PSP to the user, prompting the user to 
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verify that the PSP is correct, preferably by user entry of 
a personal identification number (PIN) (see: Col. 6, lines 
21-36) . Under the Merritt method, the server does not 
generate an authenticity output message and does not 
communicate a generated authenticity output message to the 
user along a connection which is separate from the 
connection between the host and the terminal. Rather, under 
the Merritt system, the server authenticates itself and 
sends that information to the terminal while the terminal 
authenticates itself and sends that information to the 
server. The Merritt server does not authenticate the 
terminal, but authenticates itself (i.e., the server) to the 
terminal (Col. 4, lines 60-64). The server does not 
authenticate the terminal and does not generate any 
authenticity output message regarding the authenticity of 
the terminal. Further, under Merritt, the user does not 
receive any authentication information, from either the 
terminal or the server. The user simply gets prompted with 
his PSP. The user does not have a separate connection with 
the host and does not receive terminal authentication 
information from the host. 

With specific reference to the language of independent 
Claim 9, Applicants respectfully assert that the Merritt 
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patent does not teach or suggest the invention as claimed. 
The Merritt system does not teach or suggest that the server 
has a communication component for establishing and 
conducting communications with a terminal along a first 
trusted connection and for establishing and conducting 
communications with a user along a second trusted 
connection. Merritt provides one communication line^ 9 of 
Fig. 1^ between the host/server and the terminal. Merritt 
does not teach or suggest that the user have a separate 
connection with the server. The Examiner, in the Response 
to Argvments section, has cited Fig. 2 as illustrating a 
first trusted connection with a terminal; however. Fig. 2 
shows an exemplary database entry, and clearly does not 
teach or suggest the claimed first trusted connection. The 
Examiner further cites the passage found from Col. 6, lines 
21-22 against the claim feature of a second trusted 
connection between the communication component of the server 
and the user. The cited passage states "[rjeferring again 
to Fig. 3, the ATM 10 sends the account information to the 
bank's host 2 in step 360." Applicants contend that 
communicating along the one connection, 9 of Fig. 1, between 
the host/server and the terminal does not teach or suggest a 
second trusted connection between the server and the user. 
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which second trusted connection is separate from the first 
trusted connection between the server and the terminal. 

The claim language of Claim 9 also expressly recites 
that the server has at least one authentication component 
for verifying the authenticity of the terminal. According 
to the teachings found in Merritt at Col. 4, lines 60-64, 
however, the server authenticates itself to the ATM terminal 
(in step 340 of Fig. 3) but does not authenticate the 
terminal, per se. While Fig. 1 of Merritt does illustrate a 
comparator component and RN generator, Merritt does not 
teach that the components comprise an authentication 
component for verifying the authenticity of a terminal. The 
Examiner additionally cites Fig. 3, element 315 against the 
authenticity component. What is illustrated at 315 of Fig. 
3 is the process step of the two-way challenge-response 
process. Element 315 does not illustrate a server 
authentication component. Finally, the Examiner cites the 
passage found from Col. 2, lines 10-14 against the claimed 
at least one authentication component. The cited passage 
states that there is a need to authenticate a terminal to a 
user. Neither the cited passage nor the ensuing Merritt 
teachings, however, expressly teach that the terminal is 
authenticated by the server. 
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The independent Claim 9 further recites a message 
generation component for generating at least one 
authenticity output message for delivery to the user along 
the second trusted connection. Applicants first assert that 
Merritt does not teach or suggest that its host server has a 
message generation component or that the server generates an 
authenticity output message. The Examiner cites element 3 
of Fig. 1 as showing both a message generation component and 
a storage location (see: the top of page 9 of the Office 
Action) . What Fig. 1, element 3 illustrates is a database. 
The only teachings of the host accessing that database are 
found at Col. 6, lines 22-23 and at Col. 7, lines 5-7 where 
the host retrieves the PSP and account information from the 
database. Applicants argue that it is clear that the 
Merritt element 3 database is not a message generation 
component but is simply a storage location. The Examiner 
also appears to analogize retrieving and displaying the PSP 
to the dynamic generation and display of an authenticity 
output message indicating that the terminal has been 
authenticated. Applicants assert that Merritt does not 
teach or suggest that the PSP is a terminal authenticity 
message. The PSP is a retrieved user identifier. 

Applicants further reiterate that the PSP is delivered from 
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the host to the terminal along the one connection. The PSP 
is not a terminal authenticity message which is send to the 
user along a second trusted connection, separate from the 
connection between the server and the terminal. In the 
Response to Arguments section, the Examiner does not cite 
any teachings from Merritt against this claim language. 
Instead, the Examiner simply states " (from host to ATM 
screen) " at the bottom of page 2 and top of page 3 of the 
Office Action. Applicants maintain that Merritt does not 
teach or suggest that an authenticity message is delivered 
to the user, at all, let alone via the ATM screen. 
Moreover, what is displayed at the ATM screen in Merritt is 
received by the terminal from the host along the one 
connection. There is no teaching or suggestion in Merritt 
of a second trusted connection between the host and the 
user, separate from the connection between the host and the 
terminal, along which an authenticity message could be 
communicated. 

It is well established under U. S. Patent Law that, for 
a reference to anticipate claim language under 35 USC 102, 
that reference must teach each and every claim feature. 
Since the Merritt patent does not teach that the server 
comprises a communication component which establishes a 
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separate connection with the user, and does not teach that 
the server comprises a message component which provides 
terminal authentication information to the user along the 
second, separate connection, it cannot be maintained that 
the Merritt patent anticipates the invention as claimed in 
independent Claim 9 and Claims 10-11 which depend therefrom 
and add further limitations thereto. 

The language of the other independent claims. Claims 12 
and 30, has been rejected as unpatentable over the combined 
teachings of Merritt and Manduley. Applicants rely on the 
arguments presented above with respect to the teachings of 
the Merritt patent. Applicants maintain that the Merritt 
patent does not teach or suggest the steps of establishing a 
first authenticated trusted connection upon authenticating 
the terminal and of establishing a second trusted connection 
between the server and the user device upon authenticating 
itself to the device, wherein the first trusted connection 
is separate from the second trusted connection, as is 
expressly recited in the independent claims. Merritt does 
not teach or suggest separate connections. Applicants 
further assert that Merritt does not teach or suggest any 
communications between the host and the user that do not 
involve the ATM terminal. The Examiner, on page 3 of the 
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Office Action^ cites reference numeral 380 against the 
second trusted connection. However, reference numeral 380 
illustrates the step of "ATM Communicates PSP to Customer". 
Clearly the ATM displaying the PSP to the user is not the 
same as or suggestive of the server communicating a terminal 
authenticity output message to the user along a second 
trusted connection, and not communicating that message along 
the connection between the server and the terminal. Rather, 
the Merritt ATM is displaying information which was received 
by the terminal from the host along the only connection. 

Applicants further assert that the additionally cited 
Manduley patent does not provide the teachings which are 
missing from the Merritt patent. The Examiner acknowledges 
that the Merritt patent does not teach or suggest providing 
a terminal authenticity message to the device. The Manduley 
patent teaches a method for assuring that the user is 
actually in possession of the card. The invention as set 
forth in independent claim 12 expressly recites the server 
providing a terminal authenticity message to the device via 
the established second trusted connection. As claimed, the 
user device is being provided with confirmation that the 
terminal has been authenticated. User authentication is not 
being claimed. Moreover, sending terminal authentication 
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information directly from a server to a user device along a 
connection which is separate from the connection between the 
terminal and the server, thereby eliminating the possibility 
of a terminal interfering with or falsely generating a 
terminal authentication message, is not taught or suggested 
by the Manduley device display. Neither Manduley nor 
Merritt teaches that a terminal authentication message be 
communicated directly to the user device along a separate 
connection between the user device and the server, without 
also communicating the message along the connection between 
the terminal and the server. Since that limitation is not 
taught or suggested by the cited references, and since that 
limitation is recited in all of the remaining pending 
claims, it cannot be concluded that the claims are rendered 
obvious by the combination of teachings of Merritt and 
Manduley. 

The Examiner has stated that Manduley teaches that the 
"smartcard contains an LCD display that will, at the request 
of the server/issuing authority, display a message to the 
user", citing Col. 3, lines 11-16 and lines 47-58. However, 
displaying at the device/card is not sufficient to render 
the claims unpatentable. Even if one were to modify Merritt 
so that the user device could display the PSP, rather than 
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the terminal displaying the PSP, one would not arrive at the 
invention as claimed. Neither patent teaches or suggests 
two different connections. Neither patent teaches or 
suggests providing a terminal authenticity message, and 
neither teaches providing that message via an established 
second connection between the user device and the terminal 
without also communicating that message to the terminal 
along the first connection. Regardless of where any 

message would be displayed, the fact remains that there are 
no teachings of establishing two distinct connections and of 
communicating the terminal authenticity message along only 
one of those connections. Since neither reference teaches 
the claim features, a prima facie case of obviousness simply 
has not been presented by the Examiner (In re Wilson^ 424 
F.2d 1382, 165 USPQ 494 (C.C.P.A. 1970)). 

The addition of the teachings of the Schneier reference 
to the combination of Merritt and Manduley do not render the 
invention obvious. While Schneier can output a number to 
represent a message, there is nothing in Schneier which 
would lead one having skill in the art to modify the 
combination of Merritt and Manduley to include communication 
of terminal authentication along a connection between a 
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server and a user device and not along a different 
connection between the terminal and the server. 

The addition of the Lessin patent teachings to the 
combination of Merritt and Manduley does not render the 
pending claims obvious. Lessin has been cited for teaching 
that a user enter a PIN. The combination of Merritt, 
Manduley and Lessin would again effectively teach away from 
the claimed invention since the user would be forced to 
enter his PIN at a terminal before establishing that the 
terminal was trusted. Clearly that does not obviate the 
language of Claim 20, which expressly states that the server 
first send terminal authentication information directly to 
the user device and not the terminal for authenticating the 
user . 

Similarly, the addition of Daggar to the combination of 
Merritt and Manduley would not obviate the invention as set 
forth in Claim 25. Daggar simply states that card 
authenticity must be established. Daggar neither teaches 
nor suggests how Daggar would establish the authenticity of 
the card. Moreover, it cannot be concluded that the claimed 
implementation is obviated since the claim recites the 
limitations of Claim 12 further comprising authenticating 
the device to the server. Since none of the cited 
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references teaches that the device be authenticated^ that 
the server establish a trusted connection with the device 
and that the server communication terminal authentication 
information directly to the device along the trusted 
connection, it cannot be concluded that the combination 
obviate the claim. 

Based on the foregoing amendments and remarks. 
Applicants respectfully request entry of the amendments, 
reconsideration of the amended claim language in light of 
the remarks, withdrawal of the rejections, and allowance of 
the claims. 



Respectfully submitted. 



N. Asokan, et al 



By: 



Anne Vachon Rougher 
Registration No. 30 
Tel. (914) 962-5910 
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